SASKI Shadow Mode · SDK v1.6.4
See What Your AI Is Missing.
Before You Change Anything.
SASKI Shadow Mode deploys inside your own infrastructure, runs full deterministic analysis on every conversation, and delivers a complete findings report in 7 days. Nothing blocks. Nothing changes for your users. Your production environment is never touched.
How It Works
Deploy in your staging environment. See what your production traffic reveals.
Shadow Mode is not a demo environment. It is not a sandbox. It evaluates your actual conversation patterns using the same deterministic enforcement engine that powers every SASKI deployment. Your engineering team deploys the SASKI SDK inside your own infrastructure in a staging environment that mirrors your production traffic. Setup takes under two hours.
Step 01 — Deploy
Install and configure
Your engineering team installs the SASKI SDK and sets SASI_DEPLOYMENT_MODE=shadow. Shadow mode cannot run with ENVIRONMENT=production active. Your production environment is never touched.
Step 02 — Evaluate
Analysis runs silently
SASKI runs full deterministic analysis on every message. Nothing blocks. Your LLM call fires normally. Your users see no difference. Cryptographic receipts collect in the background for 7 days of real traffic.
Step 03 — Report
Your findings, your traffic
Your team receives a full findings report showing exactly what SASKI detected, what it would have intercepted, and what it would have blocked in your actual traffic. Built from your own conversations, not simulated inputs.
We know what you are thinking.
Shadow Mode is an SDK deployment, not a cloud API call. There is no external endpoint involved. The SASKI SDK runs inside your own infrastructure. Your user conversations are not routed to a shared cloud. They are not processed by a third-party server. The SaskiEnvelope receipts generated during the evaluation are stored within your environment and remain under your custody throughout.
If your organization has data residency requirements, a VPC mandate, or legal restrictions on routing patient, student, or employee interaction data through external endpoints, Shadow Mode satisfies those requirements by design. There is nothing to route externally because nothing leaves your perimeter.
What You Receive
Eight deliverables. All built from your own traffic.
PII and PHI Detection Summary
A count and examples of personally identifiable and protected health information present in user messages before your bot logic applied — SSNs, dates of birth, insurance IDs, phone numbers, and other HIPAA-covered token types detected at the transport layer.
Crisis and Escalation Signal Count
How many turns triggered SASKI's deterministic crisis detection, which tier each turn landed in, which action SASKI assigned including EMPATHY, MONITOR, RESOURCES, or IMMEDIATE_988 routing, and how SASKI would have responded versus your current system.
Compliance Exposure Examples
Specific conversation flows where COPPA, HIPAA, California AB 3030, California SB 243, Maryland MODPA, Colorado SB 26-189, or EU AI Act obligations were triggered in your live traffic. Includes which statute, what the jurisdiction resolver determined, and what SASKI would have done.
Unsafe Flow Documentation
Examples of hallucinated safety actions, therapeutic drift, boundary failures, or adversarial extraction attempts in your actual conversations. These are turns where SASKI would have blocked or redirected but your current system did not. Your real traffic, not simulated inputs.
Token Savings Calculation
Exact monthly and annual token overhead reduction SASKI would deliver at your actual inference volume, calculated from your real session data across Tier 1, Tier 2, and Tier 3 turn distribution. Model your approximate savings first at techviz.us/tokenator.
Latency Impact Report
Measured latency overhead of SASKI enforcement on your specific stack, reported at p50, p95, and p99 across all shadow turns. SDK target is under 50ms. API target is under 200ms. Your actual numbers, not generic benchmarks.
SaskiEnvelope Evidence Sample
Sample cryptographic receipts generated from your own conversations during the evaluation. Each contains a SHA-256 payload hash, redaction confirmation, jurisdiction source, and mode tag — the audit trail artifacts built for regulators, E&O underwriters, and legal teams.
Recommended Enforcement Path
Which SASKI mode fits your deployment context, which governance tier distribution to expect in production based on your actual traffic, which jurisdiction configuration to enable, and estimated time to full enforce deployment.
You do not need to understand the architecture to understand the report.
If you are running an AI chatbot in a regulated industry, the Shadow Mode report answers the questions your legal team, compliance officer, and E&O underwriter are already asking.
- Is our AI transmitting user data we should not be transmitting?
- Are we handling crisis situations in a way that creates liability?
- Do we have documented proof of what our AI did on any given user interaction?
- Are we paying for governance overhead we do not need on safe conversations?
The report is written for business stakeholders, not just engineers. Every finding includes a plain-language description of what was detected, what the regulatory exposure is, and what SASKI would have done differently.
Your engineering team handles the deployment. It takes under two hours. You receive the report. Everything after that is your decision.
Here is exactly what Shadow Mode does at the infrastructure layer.
Install the SASKI SDK via pip and set SASI_DEPLOYMENT_MODE=shadow via environment variable or YAML configuration. Requires Python 3.8 or higher and a staging environment that mirrors your production traffic. Do not run shadow mode with ENVIRONMENT=production or SASI_ENV=production active. The production enforce lock will override shadow mode.
from sasi_sdk.deployment_mode import evaluate_deployment_mode
from sasi_sdk.evidence_export import turn_payload_from_result
session = SasiSession(user_id="user_123", mode="your_mode")
result = session.analyze(
message=user_message,
conversation_history=history,
system_prompt=your_lean_prompt,
)
decision = evaluate_deployment_mode(result, mode="shadow")
# enforcement_suppressed=True — nothing blocks
# Your LLM call fires normally
payload = turn_payload_from_result(result, mode_tag="shadow_mode")
# Evidence stored in your infrastructure, not transmitted externally
On every turn, session.analyze() runs the full deterministic enforcement pipeline. Because SASI_DEPLOYMENT_MODE=shadow is set, enforcement_suppressed is true on every turn. Every call returns:
- A
SaskiEnvelopereceipt containing the policy hash, decision trace, risk tier assignment, and Ed25519 cryptographic signature over RFC 8785 JCS canonical JSON. - A
system_prompt_for_llmvalue showing what SASKI would have assembled for that turn under full enforcement. - A
message_for_llmvalue showing whether SASKI would have passed the message unchanged, redacted PII, or rewritten it to a safe crisis template. - An
actionvalue ofproceed,redact,block,escalate, orinsufficient_contextshowing the enforcement decision SASKI would have made. - An
enforcement_suppressedflag set totrueconfirming analysis ran but no enforcement action was taken.
Run for a minimum of 48 to 72 hours of real traffic before reviewing results. Seven days produces a statistically meaningful report across a broader range of conversation types and risk distributions.
SASI_DEPLOYMENT_MODE=enforce
# Gate your LLM call on the enforcement decision
if not decision.effective_should_block:
response = call_llm(result.message_for_llm)
After the Evaluation
Shadow Mode is the beginning of the conversation, not the end of it.
After you receive the report, three paths are available. There is no pressure attached to any of them.
Do nothing.
You keep the report. You have documented evidence of what SASKI found in your production traffic patterns. That evidence belongs to you regardless of what you decide next. There is no obligation attached to receiving it.
Move to full integration.
SASKI becomes your pre-LLM enforcement layer. The recommended enforcement path in your report becomes your starting configuration. Moving from shadow to enforce requires a single configuration change. Integration into your existing stack takes 2 to 8 hours total.
Ask questions first.
Reach out directly. The report will surface findings that warrant a conversation about your specific deployment context, regulatory exposure, and what full enforcement would look like for your platform. There is no sales process attached to that conversation.
There is no pressure path. The report is the value. Everything after that is your decision.
Not Ready for Shadow Mode Yet?
Start with the Prompt Analyzer.
Run your current system prompt through the SASKI Prompt Analyzer at techviz.us/tokenator. Paste your system prompt. See exactly which governance obligations SASKI handles at the pre-LLM layer, what you can safely remove from your static prompt, and what your token overhead costs you annually at your current inference volume. No signup. No commitment. Results in under 30 seconds.
Ready to see what your AI is missing?
Shadow Mode deploys inside your infrastructure via the SASKI SDK. Setup takes under two hours. Your data never leaves your environment. Your users see nothing different. You receive a full findings report in seven days.